<?php 
session_start();    

?>
<!doctype html>
<html lang="en">
<head>
	<meta charset="UTF-8">
	<title>Document</title>
</head>
<body>



<?php 
function Conectarse($db){
   
    if (!($c=mysql_connect("localhost","mentes","!menteslibrex"))) 
   { 
      echo "Error conectando a la base de datos."; 
      exit(); 
   } 
   if (!mysql_select_db($db, $c)) 
   { 
      echo "Error seleccionando la base de datos."; 
      exit(); 
   }    
   return $link; 
}

function getSalt(){
  $code = md5(uniqid(rand(), true));
  return substr($code, 0, 22);
}

function encodePass ($p){
   $pepper = 'nardo2xaLa$Puta$!';
   $p = $pepper.$p;
   $salt = getSalt();
   $hashed = crypt ($p,'$2a$15$'.$salt);
   return array($hashed,$salt);
}

function checkPass ($r,$p){
      $d=mysql_fetch_array($r);
      $pepper = 'nardo2xaLa$Puta$!';
      $p = $pepper.$p;
      $salt = $d['salt'];
      $p1 = crypt ($p,'$2a$15$'.$salt);
      $p2 = $d['pass'];
      if ($p1 == $p2){
         return true;
      }
      return false;
}

function validateData ($str){
   $str = htmlspecialchars(trim(addslashes(stripslashes(strip_tags($str)))));
   $str = str_replace(chr(160),'',$str);
   return trim(mysql_real_escape_string($str));
}

if (isset($_POST['ent'])){
   $conexion = Conectarse("mentes");
   $pass = validateData($_POST['fpass']);
   $nick = validateData($_POST['fnick']);
   $result = mysql_query("SELECT * FROM user WHERE nick ='$nick'");
   unset ($_POST);
        if (checkPass ($result, $pass)){
          $_SESSION['auth']=1;
          $_SESSION['id']=$nick;
          // reset intentos
          mysql_query("UPDATE `user` SET `intentos` = '0' WHERE nick = '$nick';");
          unset($_SESSION['error']);
          Header('Location:/perfil.php');
        }else{
         $_SESSION['error'] = 01;
         $_SESSION['id']=$nick;
         $prevTime = $_SESSION['time'];
         $curTime = time();
         $r = mysql_query("SELECT * FROM user WHERE nick ='$nick'");
         $d = mysql_fetch_array($r);
         
         if ($d['intentos'] == '-1'){header('Location:banned.php');
                                die();} //antes de hacer una mierda eso es lo primero a mirar
        
         if ($d['intentos'] >= 5){ 
             $d['intentos'] = -2; //asi al sumar despues se keda en 1 si es una cochinada             
         }
         $_SESSION['contador']=$d['intentos']+1;
         mysql_query("UPDATE `user` SET `intentos` = '$_SESSION[contador]' WHERE nick = '$nick';");
         if (abs($curTime - $prevTime)<5) { //BOT TIMING CASI IMPOSIBLE HACERLO A MANO
            $_SESSION['error'] = 03;
             if (isset($_SESSION['bot'])){
               mysql_query("UPDATE `user` SET `intentos` = '-1' WHERE nick = '$nick';");
             }
         }
        Header('Location:/index.php');          
        }     
    mysql_close($conexion);
}

if (isset($_POST['reg'])){
   $conexion = Conectarse("mentes"); 
   $pass = validateData($_POST['fpass']);
   $nick = validateData($_POST['falias']);
   $name = validateData($_POST['fname']);
   $surname = validateData($_POST['fsurname']);
   unset($_POST);
   list($pass, $salt) = encodePass($pass);
   
   mysql_query("INSERT INTO user (nick, pass, name, surname, salt) 
               VALUES ('$nick', '$pass', '$name', '$surname', '$salt')");
	mysql_close($conexion);
   header('Location:/index.php');
}
?> 

</body>
</html>